<?php

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

$is_formal = $_POST['custom'];

foreach ($_POST as $key => $value) {
  $value = urlencode(stripslashes($value));
  $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";



// If testing on Sandbox use:
if ($is_formal == 0) {
  $server = 'ssl://www.sandbox.paypal.com';
} else {
  $server = 'ssl://www.paypal.com';
}

$fp = fsockopen ($server, 443, $errno, $errstr, 30);
  
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if (!$fp) {
  //HTTP ERROR
} else {
  fputs ($fp, $header . $req);
  while (!feof($fp)) {
    $res = fgets ($fp, 1024);
    if (strcmp ($res, "VERIFIED") == 0) {
//      $comment_status = $_POST['payment_status'] . ' (' . ucfirst($_POST['payer_status']) . '; ' . number_format($_POST['mc_gross'],2,'.',',') . ')';
      require_once dirname(__FILE__) . '/../../../DbUtils.class.php';
      require_once dirname(__FILE__) . '/../../../includes/MiscUtils.class.php';
      $myPdo = DbUtils::createPdoInst();
     
//      if ($_POST['payment_status'] == 'Pending') {
//        $comment_status .= '; ' . $_POST['pending_reason'];
//      } elseif ( ($_POST['payment_status'] == 'Reversed') || ($_POST['payment_status'] == 'Refunded') ) {
//        $comment_status .= '; ' . $_POST['reason_code'];
//      } elseif(($_POST['payment_status'] == 'Completed')) {
        $cond_vals = new stdClass();
        $cond_vals->c = 't.order_no = :v1';
        $cond_vals->v = array(':v1' => $item_name);
        $order = DbUtils::get(DbUtils::createPdoInst(), 'pz_ecom_order', $cond_vals, NULL, NULL, NULL, NULL, NULL)->d[0];
        
        $ta = new stdClass();
        $ta->track_id = MiscUtils::unique();
        $ta->date_added = date("Y-m-d H:i:s");
        $ta->date_last_mod = date("Y-m-d H:i:s");
        $ta->date_paid = date("Y-m-d");
        $ta->customer_id = $order->customer_id;
        $ta->payment_id = $order->payment_id;
        $ta->payment_name = $order->payment_name;
        $ta->total = $payment_amount;
        $ta->trans_no = $txn_id;
        $ta->is_custom = 0;
        DbUtils::add($myPdo, 'pz_ecom_transaction', $ta);
        $ta->id = $myPdo->lastInsertId();
        
        $order->is_paid = 1;
        $order->transaction_id = $ta->id;
        DbUtils::update($myPdo, 'pz_ecom_order', $order);
//      }
    } else if (strcmp ($res, "INVALID") == 0) {
      // log for manual investigation
      // echo the response
      echo "The response from IPN was: <b>" .$res ."</b>";
    }
  }
  fclose ($fp);
}
?>